API Security Fuzzing & Bug Bounty Toolkit

Acerca de

This skill equips Claude with advanced methodologies for API security testing, specifically tailored for bug bounty hunters and penetration testers. It provides structured workflows for reconnaissance, authentication bypass, and exploiting complex vulnerabilities such as Insecure Direct Object Reference (IDOR), SQL injection within JSON payloads, and GraphQL-specific attack vectors like introspection abuse and query batching. By leveraging this skill, users can systematically audit API endpoints, discover hidden documentation, and implement robust security checks across various protocols to identify critical security flaws before they can be exploited.

Características Principales

• Automated API reconnaissance and endpoint enumeration using Kiterunner and Swagger parsers
• Comprehensive GraphQL security auditing covering introspection, nested query DoS, and batching bypasses
• Multi-protocol support for REST, SOAP, and GraphQL with protocol-specific injection payloads
• 0 GitHub stars
• Advanced IDOR testing patterns including parameter pollution and JSON wrapping techniques
• Detailed endpoint bypass strategies for overcoming 403 Forbidden and 401 Unauthorized responses

Casos de Uso

• Performing deep security audits on production API environments during bug bounty engagements
• Reconstructing GraphQL schemas and testing for business logic flaws in modern headless architectures
• Identifying and documenting Broken Object Level Authorization (BOLA/IDOR) in complex web applications